Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vulnerable Vectors in PHP Based Redirection Pages[redirect.php4/redirect.php5]

From: Aditya K Sood <zeroknock () metaeye org>
Date: Tue, 03 Apr 2007 19:08:23 +0530
Justin Klein Keane wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I hate to add noise to the wire but this 'vulnerability' has nothing to
do with PHP.  This is a run of the mill exploitation of poorly designed
software (i.e. trusting user input) that is endemic on the web, but
isn't connected to any particular language or technology.

Justin C. Klein Keane
a.k.a. Mad Irish
http://www.madirish.net

Aditya K Sood wrote:
  

Hi
             The PHP based redirection pages inherits a design flaw in 
websites.
This makes it vulnerable to phishing attacks.Look into desired issue at:

http://zeroknock.blogspot.com/2007/04/vulnerable-vectors-in-php-based.html
http://zeroknock.metaeye.org/analysis/

Regards
Zeroknock

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

    

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFGEkoxR4a3EW2yjlQRAh3SAJ4v8n15+T+DwTHTp6Bh4fXoYZaCLQCeLj9M
WYiGyrg+jHbOzXeQiIRvOaA=
=f5L3
-----END PGP SIGNATURE-----

  

Well i would like to say only this , the vulnerability overall comes in 
this way

"susceptibility to degradation or damage from adverse factors or influences"

Thats all

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: